Bug bounty write-ups.
-
12. One Endpoint on a HIPAA App That Forgot to Check Who You Are
A HIPAA patient assistant on Epic MyChart. Every patient route requires a login except one status endpoint that lost its auth middleware. Unauthenticated, it confirms that a person is a patient and returns their EHR link status. Established program, five-figure table, one chill evening.
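The failure above is one route whose handler chain no longer includes the auth middleware. The following is an added example, not code from the write-up or the vendor: a hypothetical Express-style route table with the status endpoint missing `requireAuth`, and an audit that lists every route under a protected prefix whose chain lacks it. The route shape, handler names, and the read of `app._router.stack` are assumptions.

```javascript
// Added example (not the write-up's code): audit an Express-style route table
// for routes under a protected prefix that lack the auth middleware.

// Hypothetical middleware and handlers. A real app would check the session.
function requireAuth(req, res, next) {
  if (!req.user) return res.status(401).end();
  next();
}
function loginHandler(req, res) { res.json({ ok: true }); }
function recordsHandler(req, res) { res.json({ records: [] }); }
function statusHandler(req, res) { res.json({ isPatient: true, ehrLinked: true }); }

// Routes in the shape Express keeps them: method, path, handler chain.
// Constructed sample: /api/patient/status lost requireAuth in a refactor.
const routes = [
  { method: 'POST', path: '/api/login', handlers: [loginHandler] },
  { method: 'GET', path: '/api/patient/records', handlers: [requireAuth, recordsHandler] },
  { method: 'GET', path: '/api/patient/status', handlers: [statusHandler] },
];

// Every route under a protected prefix must carry authMiddleware in its chain.
// Returns 'METHOD path' for each route that does not.
function findUnprotectedRoutes(routeTable, protectedPrefixes, authMiddleware) {
  return routeTable
    .filter(r => protectedPrefixes.some(prefix => r.path.startsWith(prefix)))
    .filter(r => !r.handlers.includes(authMiddleware))
    .map(r => `${r.method} ${r.path}`);
}

// Building the same table from a live Express 4 app. Assumption: this reads
// app._router.stack, which is internal and may differ across Express versions.
function routesFromExpressApp(app) {
  return app._router.stack
    .filter(layer => layer.route)
    .map(layer => ({
      method: Object.keys(layer.route.methods)[0].toUpperCase(),
      path: layer.route.path,
      handlers: layer.route.stack.map(l => l.handle),
    }));
}

// Run as a CI check: fail the build if anything under /api/patient/ is open.
const unprotected = findUnprotectedRoutes(routes, ['/api/patient/'], requireAuth);
console.log(unprotected.length
  ? `UNPROTECTED: ${unprotected.join(', ')}`
  : 'all patient routes protected');
```

The audit only sees per-route chains, so middleware mounted on a prefix (`app.use('/api/patient', requireAuth)`) will not show up in it; that mount is also the more robust fix, since a single route can no longer drop the check on its own, and the audit then reduces to asserting that the mount exists.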
-
11. How I Almost Hacked Claude
Claude Code. A malicious .mcp.json exfiltrates environment variables before any tool prompt appears. Approval is keyed on the server name only, so a second commit can swap the command, and it runs on the next project open with no new dialog.
-
10. Full Financials of Every Listing on a Business Marketplace, From a One-Minute-Old Account
Online business marketplace. Buyer ID and proof-of-funds verification gate the URL of every listing, but the full profit-and-loss history is delivered to any unverified account in the same JSON response, hidden only by the browser.
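The pattern above is server-side over-fetching with client-side hiding. The following is an added example, not the marketplace's code: a hypothetical listing endpoint in its vulnerable form (whole record plus a flag the browser uses to blur the financials) beside a hardened form that picks the fields on the server from the buyer's verification status, plus the check a tester would run on a captured response. The record, field names, and tiers are constructed.

```javascript
// Added example (not the marketplace's code): serialise by server-side allow-list
// instead of sending everything and hiding it in the browser.

// Constructed sample listing, as stored.
const listing = {
  id: 'L-1001',
  title: 'Four year old SaaS tool',
  askingPrice: 250000,
  profitAndLoss: [
    { year: 2023, revenue: 120000, profit: 45000 },
    { year: 2024, revenue: 150000, profit: 61000 },
  ],
  seller: { email: 'seller@example.test' },
};

// Vulnerable: full record plus a flag the front end uses to blur the financials.
function listingResponseVulnerable(record, buyer) {
  return { ...record, canSeeFinancials: buyer.verified };
}

// Allow-lists per tier. Seller contact never leaves the server in this endpoint.
const PUBLIC_FIELDS = ['id', 'title', 'askingPrice'];
const VERIFIED_FIELDS = [...PUBLIC_FIELDS, 'profitAndLoss'];

function pick(obj, fields) {
  return Object.fromEntries(fields.filter(f => f in obj).map(f => [f, obj[f]]));
}

// Hardened: the tier comes from the server-side buyer record, never a client flag,
// and the response is built from the allow-list only.
function listingResponseHardened(record, buyer) {
  return pick(record, buyer.verified ? VERIFIED_FIELDS : PUBLIC_FIELDS);
}

// Tester's check on a captured response: which keys fall outside the allow-list
// for the account that received it?
function leakedFields(response, allowed) {
  return Object.keys(response).filter(k => !allowed.includes(k));
}

// Constructed: a freshly registered, unverified buyer.
const unverified = { id: 'u-new', verified: false };
console.log('vulnerable leaks:', leakedFields(listingResponseVulnerable(listing, unverified), PUBLIC_FIELDS));
console.log('hardened leaks:', leakedFields(listingResponseHardened(listing, unverified), PUBLIC_FIELDS));
```

`leakedFields` is the whole test for this bug class: fetch the listing as the lowest tier, diff the keys against what that tier is allowed to see, and anything left over is a finding regardless of what the page renders.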
-
09. $1,499/month plan for free, on a HIPAA platform
HIPAA workflow platform. One GraphQL mutation grants the $1,499/month Scale Up plan with no card, no billing address, and no Stripe customer. 24,000 PHI runs on the house.
-
07. €99,999,999 of Shipping Insurance for €22.99
Shipping app on a marketplace. The server prices ninety-nine million euros of parcel insurance at a flat €22.99, while stating in the same JSON that the maximum coverage is €500.
-
06. Three Prompts That Broke AI Guardrails
Three prompt-injection techniques that broke AI guardrails on the first try: table fill-in, memory backdoor, invisible RAG payload.
-
05. Broken Firestore Rules Leaked Every Company's Hiring Strategy
Firestore rules on a recruiting platform. Any free account could download every company's hiring criteria.
-
04. XXE and Auth Bypass on a Hospital SOAP Service
Hospital SOAP service. A namespace trick bypassed WS-Security, then XXE hit the unauthenticated parser.
-
03. Missing Auth Check to Self-Replicating Worm
Broken access control in a collaborative editor, escalated to stored XSS, a wormable infection, and platform-wide DoS.
-
02. Two Doors, One Room, 9453 Records
ERP authorization flaw. The API reached the same data through two input paths, and only one of them had an auth check. 9,453 records out.
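The lesson above is that an authorization check attached to an entry point protects only that entry point. The following is an added example, not the ERP's code: a hypothetical records service with a single-record path and a bulk export path. The vulnerable version checks tenant ownership on the first path only; the hardened version moves the check into the one data-access function both paths call, so no door can skip it. The records, tenants, and function names are constructed.

```javascript
// Added example (not the ERP's code): object-level authorization enforced at the
// data-access layer instead of per entry point.

// Constructed sample data: two tenants, three records.
const RECORDS = [
  { id: 1, tenant: 'acme', customer: 'Alice', balance: 1200 },
  { id: 2, tenant: 'globex', customer: 'Bob', balance: 8800 },
  { id: 3, tenant: 'acme', customer: 'Carol', balance: 300 },
];

// Vulnerable: door one checks ownership, door two does not.
function getRecordVulnerable(user, id) {
  const rec = RECORDS.find(r => r.id === id);
  if (!rec || rec.tenant !== user.tenant) throw new Error('403');
  return rec;
}
function exportRecordsVulnerable(user, ids) {
  return ids.map(id => RECORDS.find(r => r.id === id)).filter(Boolean);
}

// Hardened: the only place that touches RECORDS also authorizes every row.
function canRead(user, rec) {
  return rec.tenant === user.tenant;
}
function loadRecords(user, ids) {
  const found = RECORDS.filter(r => ids.includes(r.id));
  const denied = found.filter(r => !canRead(user, r)).map(r => r.id);
  if (denied.length) {
    // Design choice: fail the whole request rather than silently filter,
    // so a probe for other tenants' ids is visible in logs as a 403.
    throw new Error(`403: not authorized for ids ${denied.join(',')}`);
  }
  return found;
}
function getRecordHardened(user, id) {
  const [rec] = loadRecords(user, [id]);
  if (!rec) throw new Error('404');
  return rec;
}
function exportRecordsHardened(user, ids) {
  return loadRecords(user, ids);
}

// Constructed user from tenant acme asking for everything.
const acmeUser = { id: 'u1', tenant: 'acme' };
console.log('vulnerable export:', exportRecordsVulnerable(acmeUser, [1, 2, 3]).map(r => r.id));
try {
  exportRecordsHardened(acmeUser, [1, 2, 3]);
} catch (e) {
  console.log('hardened export:', e.message);
}
```

When hunting this class, enumerate every path that ends at the same table (single fetch, bulk export, search, report, webhook replay) and send the same foreign id through each; one missing check is usually all it takes.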
-
01. A Semicolon Got Me 530 Endpoints on a Car Manufacturer
WAF bypass on a car manufacturer. A single semicolon exposed 530 endpoints, dev tokens, and admin operations on production.